10.4 Expressing risk appetite Flashcards
What are the two categories of risk appetite expressions suggested by Ashby?
Metric
Non-metric
What are the two types of metric-based expressions of risk appetite?
Probability and impact boundaries
Targets, limits and thresholds
What are probability and impact boundaries?
Risk appetite limits for probability and impact, usually displayed as a RAG matrix.
What is the purpose of targets, limits and thresholds?
Provide a reflection of an organisation's appetite for risk.
What are three examples of non-metric expressions of risk appetite?
Statements of values
Risk management policies
Formal risk appetite statement
What is the significance of statements of values for risk management?
Values often relate to how risk is taken and managed. For example, “honesty” can relate to compliance, “sustainability” is related to the longer-term view, etc.
What is usually contained within a risk appetite statement?
Values and principles that relate to appetite, risks for which there is zero appetite, stakeholders that the organisation has considered, how risk appetite is monitored.